GTS: website research


Thanks for the quick reply! Code works fine (and obviously works better) but still can't connect, even though ports are open. Beginning to wonder about latency, etc. Will probably just start grabbing packets and troubleshooting myself, I wonder if my computer is having trouble responding to the dns request or the actual http gts transfer.

Breaking the encryption is going to be harder. Some random observations:

The data= parameter is base64-encoded

The base64-encoded data always begins with "Sj". Does anyone else find that odd? Wait—it's even better than that: the base64-decoded data always begins with "J;". Not sure what that means, though. Perhaps it indicates how the data is encrypted.

The data sent to post.asp is 300 bytes long. 8 bytes longer than the Pokémon data.

The data sent to exchange.asp is 304 bytes long. 12 bytes longer than the Pokémon data.

The data sent to post_finish.asp is 16 bytes long.

The data sent to info.asp, result.asp and get.asp is 8 bytes long and, for a given pid, is the same for every request. But it is different for different pids. This means that a change in the pid must correlate with a change in either the encryption OR the data. Personally, I'm betting on the data. It also means that the hash does not factor into the encryption.

If you post the same Pokémon twice, the data is completely different each time.

This is 300 bytes -- eight bytes longer than the size of a Pokémon save struct with the extra 56 GTS bytes.

The post_finish was:

token: RopF90e9azV0W2mqhIWuLIbn5qSqqrDT

hash: 97f3488b0caa742140e4bdc2a118c091b66d0355

data:

0000000: 4a3b 2f96 23e0 d995 b2a9 455b f955 fbba J;/.#.....E[.U..

As magical said, posting the same Pokémon twice results in entirely different data. It then seems likely that the token or hash is used as a key... but requests to info.asp et al send the same eight bytes. And what is being sent to post_finish that it has another eight bytes?

4a3b aea9 fcae abec -- first eight bytes to post.asp

4a3b 2f96 23e0 d995 -- first eight bytes to post_finish.asp

Looking at some of magical's experiments, I've noticed the following.

These are data sent to info.asp, from three different pids (two magical, the third depundep):

0000000: 4a3b 2d75 3f14 cc1d J;-u?...

0000000: 4a3b 2de5 07b1 0239 J;-....9

0000000: 4a3b 2e09 3fa6 8a60 J;..?..`

And these are data sent to post_finish.asp, from the same two different pids:

0000000: 4a3b 2f33 51ef f2e5 a09e d65f 3ca0 3bf3 J;/3Q......_<.;.

0000000: 4a3b 2fe9 1af2 0cc6 887a c2f3 24ad dc68 J;/......z..$..h

0000000: 4a3b 2f96 23e0 d995 b2a9 455b f955 fbba J;/.#.....E[.U..

pids are:

98193975 (0x05da5237)

255512799 (0x0f3ad0df)

117094747 (0x06fab95b)

So the third byte seems to stay the same across requests to the same page. Except for depundep's info.asp, which is off by 1..?

The info.asp data might be a null payload. So what are the other five bytes? Hash of the pid?
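An added example (not code from the thread) that applies the checks above mechanically: base64-decode a data= value, verify the "J;" prefix, compare the length against the sizes reported for each page, and test whether the third byte stays constant across a set of samples. The hex dumps quoted above are used as constructed inputs; the endpoint-to-length table is taken from the observations in this thread.

```python
import base64

# Payload sizes per endpoint as reported in the thread (bytes, after base64 decoding).
EXPECTED_LEN = {
    "post.asp": 300,
    "exchange.asp": 304,
    "post_finish.asp": 16,
    "info.asp": 8,
    "result.asp": 8,
    "get.asp": 8,
}
MAGIC = b"J;"  # every decoded payload observed so far starts with 0x4a 0x3b


def decode_data_param(data_b64):
    """Base64-decode a data= value, tolerating stripped '=' padding."""
    data_b64 = data_b64.strip()
    data_b64 += "=" * (-len(data_b64) % 4)
    return base64.b64decode(data_b64)


def encode_data_param(raw):
    """Inverse of decode_data_param; a 'J;' payload always encodes to 'Sj...'."""
    return base64.b64encode(raw).decode("ascii")


def analyze(endpoint, raw):
    """Return the checks the thread applied by hand to one decoded payload."""
    expected = EXPECTED_LEN.get(endpoint)
    return {
        "endpoint": endpoint,
        "length": len(raw),
        "length_ok": expected is None or len(raw) == expected,
        "has_magic": raw.startswith(MAGIC),
        "third_byte": raw[2] if len(raw) > 2 else None,
        "hexdump": raw.hex(),
    }


def third_byte_consistent(payloads):
    """True if every payload shares the same byte at offset 2 (the 'third byte')."""
    return len({p[2] for p in payloads if len(p) > 2}) == 1


# Constructed inputs: the info.asp and post_finish.asp dumps quoted in the thread.
INFO_SAMPLES = [bytes.fromhex(h) for h in (
    "4a3b2d753f14cc1d", "4a3b2de507b10239", "4a3b2e093fa68a60")]
POST_FINISH_SAMPLES = [bytes.fromhex(h) for h in (
    "4a3b2f3351eff2e5a09ed65f3ca03bf3",
    "4a3b2fe91af20cc6887ac2f324addc68",
    "4a3b2f9623e0d995b2a9455bf955fbba")]

if __name__ == "__main__":
    for p in POST_FINISH_SAMPLES:
        print(analyze("post_finish.asp", p))
    print("info.asp third byte consistent:", third_byte_consistent(INFO_SAMPLES))
    print("post_finish.asp third byte consistent:", third_byte_consistent(POST_FINISH_SAMPLES))
```

Run against the three info.asp samples it reports the third byte as inconsistent (0x2d, 0x2d, 0x2e), which is the "off by 1" depundep case noted above; the post_finish.asp samples all share 0x2f.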


Is there a way yet, to send multiple pokemon in one go without having to restart the game?

I believe this would be possible by replying to result.asp with several different Pokémon in a row, but it won't actually work unless we can figure out why Pt/HG/SS report a communication error.

Why does it return 1? In most big company code (I say that loosely) doesn't returning 1 usually indicate an error while 0 indicates success?

Process exit codes use 0 for success and 1–255 for error, yes. The only place sendpkm.py explicitly exits is if you don't provide a filename, which is indeed an error. Otherwise it drops out and Python will exit with 0.

Edit: Oh, the 0x0001 response. I can't recall ever seeing 0 used for success outside process exit, actually. But that's what was sniffed from D/P, and we have no idea what it actually means either way; result.asp uses 0x0004 and 0x0005 to mean yes/no. (What.) Dumps of the same operations performed by both D/P and Pt/HG/SS should tell us for sure.

Also, has anyone tried to have their browser emulate whatever the DS sends? Like the identity thing if it's a FF browser, IE or Opera and all that?

It would probably work, but I doubt it would be useful. We don't know the encryption used for sending data, you need to respond to a challenge every time you send a request, and the response is binary.


I seem to still be having some troubles that keep leading to the blue screen.

I am running Mac OS X. Python version 2.6

With LordLandon's advice on my first issue I checked what else was running. I turned off printer sharing, web sharing, etc.

I used an AR DSi to dump my save file to micro SD. I converted it from .DUC to SAV and extracted my party Pokemon.

For some reason it appears to connect and still goes to the blue screen that says "press A to return to title screen." When I attempted to use a box Pokemon the screen flickered blue and black and static.

I have tried Diamond, Pearl, and Platinum; all three do the same thing. I am wondering, is there an updated version of sendpkm? Or is there anything else on my own network or computer I can try? Are there any settings on my router I can change? I keep looking through my control panels and the router settings and don't see anything that would make sense to change in either place. Any advice would be appreciated.

Also, has anyone tried this on Heartgold/Soulsilver yet??? I have made it to Goldenrod City on both of my saves and would have already tried it if not for the issues I am still having on D/P/PT

Thanks in advance to any kind soul who can help solve this for me.

--Ringo

PS-- Thanks again to LordLandon for your service to the Pokemon community and for the help solving the first issue I had.


I've played around with this a bit myself. Thanks to the sample DNS server script LordLandon submitted, and after some Python quick courses, I managed to make a simple DNS redirect .py script that redirects all GTS related requests to a specific IP (webserver). Thus, by manually entering a DNS in the Pokemon game network settings, you can connect to a custom web-server and let it handle your client requests rather than the official GTS.

It's not perfect, but combining the DNS server with a simple PHP script currently lets you be online without disconnecting (though no results are returned when you search, and deposit only shows the visuals; no pokemon is actually deposited anywhere). With a simple on/off flag I can make anyone that connects "forcefully" receive a pokemon as if someone traded with them. Looking around, I see others are looking into the server side data. It's nice because if the _GET[data] can be decoded and information extracted, it's possible to even create a PKM file server where you "search" for a pokemon and you always find "people" that trade it away (funny enough, it would simply be the server decoding your search and then, for example, forcing you to accept a pokemon as if someone traded it to you the normal way).

A lot of possibilities, and I think there will be a projectpokemon.org official GTS DNS address everyone can input and fetch their legal pokemon at whatever level and gender they want.

Included my sources as an attachment, nothing big just another version of what LordLandon made only that this is for a webserver (PHP and Python to encode/decode pkm/bin).

By the way, if you wanna try it out and see what awesome Pokémon you get by connecting to my GTS server, you actually can for tonight! Load the game, edit the network settings, set the DNS primary IP to my IP: 84.202.82.24. Save the changes and load the save, go to GTS (Goldenrod City, west of the Radio Station) and connect. So far the connection tests and "handshake" server(?) connections are not touched, but once it starts to read from the website it will be my own server and not Nintendo's. If someone uses it tonight I'll check the logs and see how it went; just trying it out, so it won't be online after ~12 hours.


This is kind of neat. Package contains a mini DNS server and the PHP files for the logging.

It does require some configuration, but in the end, by having $pure_log on, it simply receives requests and writes the communication to log files. It still uses the official servers but the game is not aware of that, kind of cool. It helps log stuff when you go to GTS or the battle tower, do some stuff, and the data is logged for future research.

I doubt it's something new but what the heck, perhaps someone gets more use of this than me.


I'm having issues trying to figure out how to set it up so that I can publish my DNS to allow people outside my network to connect. I was under the original assumption that your script is made so it can go up on a webhost, but when I put it up on mine it doesn't do anything (probably due to shared hosting), or maybe I'm missing how to do this altogether; working on like 6 hours of sleep from 2 days ago.

Forgot to mention, I'm really only interested in serving up pokemon, preferably many at a time to different people (if possible) and being able to just have the script run at different times of day (easy enough to setup).

I tried no-ip (what you're using), but was still a bit lost despite having used it before.


The Python script will send all DNS requests to whatever IP you like (in this case your own host IP). Now, the PHP website thing is just a fragment of what "GTS" really is, just a test, and it's not something I recommend you use. On the other hand, what you can do is simply use the original LordLandon Python script that is both webserver and DNS server.

Run sendpkm.py and it should ask you to enter the path to a .pkm file. Once that's done it will wait for a DS to contact it; the way that happens is to put your own IP (public IP even, if you like) in the Pokemon network settings (in the Pokemon game, main screen, WIFI settings). Port 53 must be publicly open on the PC you use as a "server", and you should be able to log the GTS (official one) from before; this means all ports are okay.

About the PHP script I made: you must edit .htaccess (the relative "root" path) and index.php (lines 16-20 and 26-27). Btw, if line 16 is set to "$pure_log = 1;" then it simply acts and works as the official GTS, because it just sends all requests to GTS and sends the response to the NDS, and it won't tell the difference. You could try that just to see if it works; then, by disabling $pure_log and enabling $pkmdist, it will send whatever .pkm file you specify on line 27 to each person that connects. The DNS server must run on the side to keep redirecting requests properly.

It's not bug free, it's far from finished, and if you hang on a while longer there will be a proper GTS source-code available for all the enthusiasts that wanna run their own home GTS for themselves and friends.

*Edit*

Also, for the DNS to work properly: if you have a host and you ping the domain for your site you can read the proper IP; now if you http://0.0.0.0 directly, and you do not get to the website directly, then it won't work using that as the server for the PHP files. I myself run XAMPP on my own machine; that's why my no-ip domain points directly to my IP, so you can access my "homepage" both using IP and domain name. The DNS server LordLandon and I made are simple


Let's just say that if it does utilize the DNS settings (as it should) and if the connection is not SSL encrypted, it will be possible to emulate that as well, like the GTS. The problem is, if the server uses SSL encryption it will be really hard to crack and then act as the server; the client would not get what it expects and it would just end up with errors and blue screens. Let's hope for the best, but I have not looked into it; last time I checked, Mystery Gift over WIFI connected to a special download server. I didn't check the communication, but it may be SSL.


I can't seem to get it to work for me. I'm using a laptop with Vista, and I've tried running it both wirelessly and with a cable going to the router. I've opened port 53 and forwarded it on the router to this computer. I put the IP that sendpkm gave me in as the DNS info in the WFC setup. Every time I go, it either tells me I can't connect or gives me the blue error screen. Did I miss something on this thread? Some help would be greatly appreciated.